Re: linux-mm@xxxxxxxxx - limping on a backup
From: Benjamin LaHaise
Date: Mon Jun 28 2021 - 10:55:11 EST
On Mon, Jun 28, 2021 at 11:26:59AM -0300, Jason Gunthorpe wrote:
> Isn't a 7-bit conversion what I pointed at last time we talked about
> this?
I changed several options in postfix last time this was raised, but as
nobody ever provided a test case, I had no way of knowing if it worked or
not. Personally, I think DKIM provides very little value considering that
a good chunk of the spam that goes by has valid DKIM signatures, not to
mention that it doesn't help with modern phishing attempts much either.
> DKIM assumes a "modern" mail system, there should not be 7bit
> conversions in the mail pipeline. Anyone sending DKIM needs to be 8
> bit clean.
"Be strict in what you send, and be liberal in what you receive." DKIM
makes assumptions about the mail transport layer that are not true. If
the signatures had been applied on content *after* the quoted printable
conversion, this would never have been an issue. DKIM is a poorly done
spec that ignores decades of that philosophy at the IETF. And even if a
DKIM signature passes, that's still not enough to trust the resulting
email. All it does is ensure that a small subset of valid emails get
dropped on the floor. This doesn't seem like an overall win.
-ben
--
"Thought is the essence of where you are now."